NIS2 Directive: Adapting Your Cybersecurity Strategy
The NIS2 Directive introduces new requirements and standards to strengthen cybersecurity across the EU. Learn how to prepare and stay compliant.
Increasing resilience with NIS2
The EU is setting new standards for the protection of critical infrastructures with the ever-increasing networking and risks in cyberspace. The NIS2 directive requires companies to implement risk management, develop cybersecurity strategies and procedures, train employees, maintain operational continuity solutions, and report significant incidents within 24 hours. Affected organisations should adapt their strategies as quickly as possible to meet the requirements and remain future-proof.
Risk analysis as part of the NIS2 directive
The NIS2 directive is closely linked to risk analysis as it requires organisations to design their security measures based on a comprehensive risk assessment. A key change is that with NIS2, organisations must also review the security in their supply chain to ensure that partners and suppliers do not introduce vulnerabilities into their own system.
Digital solutions, like those provided by F24, are particularly helpful here, as they automate processes, create transparency and increase efficiency.
Pragmatic implementation – how F24 helps you
Our FACT24 solution offers an all-in-one approach for implementing the 10 measures. It primarily supports companies in the preparation and management of security incidents, alerts, risk analyses and the distribution of information at critical moments. In addition, FACT24 EDU enables targeted training of the crisis team and management to optimally prepare them for dealing with crisis situations and the requirements of the NIS2 directive.
What is NIS2?
NIS2 stands for the second Network and Information Security Directive. It is a revised version of the original NIS Directive, which was introduced in 2016. The aim of NIS2 is to increase the overall level of cybersecurity in the EU and protect more industries from cyber threats. The second directive came into force in October 2024, but many member states are still behind schedule.
Who is obliged to comply with NIS2?
If you fall under “Essential Entities”, “Important Entities” or “Critical Infrastructures (KRITIS)”, you must comply with the NIS2 guidelines. Companies with at least 50 employees or an annual turnover of at least 10 million Euros are already subject to the requirements.
However, there are exceptions and not all measures apply equally to all sectors. For example, financial companies that fall under the DORA regulations, as well as operators of telecommunications networks, energy supply networks or energy systems and public administration are exempt from certain NIS2 measures.
Do you need professional support with implementation or legal advice? Then get in touch with us! We work with many consulting companies and law firms and will be happy to recommend a suitable partner for your needs.
NIS2 requirements
The new NIS2 directive sets Europe-wide minimum requirements for taking measures against cyber threats. The legal requirements are summarised here:
- Obligation to register, within 3 months
- Implementation & documentation of the 10 minimum measures for risk & incident management
- Professional proof of implementation and audits for KRITIS companies, for the first time after 3 years
- Reporting obligations for significant incidents: Initial report within 24h, confirmed initial report after 72h, final report after 4 weeks & progress reports if it takes longer than 4 weeks
- Duty to inform the public or customers in the event of incidents
More than 5,500 Customers from All Industries
Trust the Services of F24 in Critical Situations.
Related Solutions
Product Explorer
Find solutions that can suit your needs in case of emergency.
F24 SaaS-Solutions
Check out our range of smart solutions.
Crisis Response
Prepare and manage your crisis response with our smart solutions, designed specifically for critical situations.
Act Effectively in Times of Crisis with F24’s Smart Solutions
Don’t let an emergency turn into a crisis. Act clearly and decisively with the help of F24 solutions. Our products help crisis teams communicate consistently during critical situations. Our software supports organisations to respond to situations using all communication channels in real-time and notify general public or targeted groups of people. Talk to us today to learn about our range of crisis response solutions.
Learn How Our Smart Solutions can Help You!
Fill in you personal Data
Learn How Our Smart Solutions can Help You!
Fill in you personal Data